According to a benchmarking study conducted by the Disaster Recovery Preparedness Council (DRPC), over one third of respondents said they lost one or more critical applications, VMs, or crucial data files for at least four hours last year. One in four said they experienced downtime of hours or days in at least one of their data centers. Reported losses from outages ranged from a few thousand to over a million dollars. Twenty percent said they had losses of between $50,000 to more than $5 million.
Despite the potential impact of these threats, many businesses are still unprepared. The BCI report shows only 18% of respondents were increasing their budget for business continuity programs and 11% were in fact reducing spending in that area. The DRPC noted that more than 60% of those that took the survey do not have a fully documented business continuity plan and another 40% admitted that the disaster recovery plan they did have wasn’t useful when it was implemented during their worst event or scenario. Using a rating scale of A to F, three quarters of the organizations scored either a D or F.
What should you be doing to ensure you have an effective business continuity plan? Here are three steps the DRPC says you should be taking to ensure business continuity.
1. Be Proactive
Determine what you will need to recover in the event of a business disruption. This should include applications, networks, document storage repositories, business services, and key operational processes.
2. Define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
This needs to be done for critical applications, systems and processes. These are crucial if you hope to set appropriate expectations and assumptions for management, employees, and customers.
3. Audit, Test, and Update Your Plan
One third of all organizations participating in the survey said they tested their plans only once or twice a year and nearly a quarter of them never test. Amazingly, of those organizations that are testing, more than 65% don’t pass their own tests. Without regular testing, there is no way to determine the effectiveness of your plan. Ongoing auditing and testing can help keep your plan fresh and ensure that it will be available when you need to invoke it in case of an event.
Many businesses feel they don’t have the time or resources to devote to a business continuity plan. Or they take an “it can’t happen here” attitude. History tells us that this is a shortsighted approach and can lead to serious problems for your business.
Do you have a documented business continuity plan? If not, do you have plans to establish one?